Does Snapshot/Restore to a different target cluster retain system indices?

As the title states, if I were to perform a snapshot on one cluster and restore it to another target cluster, will it retain the .* system indices? In particular, .security, .kibana, .monitoring, .watcher-history and so forth.

If a full snapshot does do this, is there a way to exclude these without explicitly specifying all the other indices in our cluster? We have 3,000+ indices so it's not logical to necessarily specify each of them in order to exclude the rest.

A snapshot by default includes all open and started indices so yes it would include the .* indices unless you specify otherwise.

A useful way to exclude a small set of indices, rather than including a large set of indices, is to use the "-" operator (multi index syntax), as follows:

Everything except .security, .kibana, .monitoring and .watcher-history

PUT _snapshot/<repository_name>/<snapshot_name>
{
  "indices": "*,-.security,-.kibana,-.monitoring,-.watcher-history",
  "ignore_unavailable": true,
  "include_global_state": true
}

Or, everything except indices that start with "."

PUT _snapshot/<repository_name>/<snapshot_name>
{
  "indices": "*,-.*",
  "ignore_unavailable": true,
  "include_global_state": true
}

Same goes for the restore API.

Perfect, that was precisely what I was looking for! I wasn't familiar with the exclude ("-") operator, so thank you kindly.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.